Burger King Online Kid’s Shop Exposed Thousands Of Records From An Unsecured Database

Once again, an unsecured database has exposed sensitive customer records. Allegedly, the database belonged to a French Burger King Online shop for kids – the Kool King Shop. The misconfigured database exposed thousands of records including personal records and CRM details.

“An open and unprotected Elasticsearch cluster with plain-text data was left unattended at least since April 24, 2019, according to Shodan historical data.”

The database allegedly belonged to the Kool King Shop – the French-only Burger King online shop for kids. Regarding the information leaked from the database, Diachenko stated that he found 37,900 customer records. These records included sensitive information such as names, phone numbers, dates of birth, email addresses, passwords, voucher codes, and links to externally stored certificates.

Database Now Closed

After Diachenko found the unsecured database, he promptly reported the matter to the database admins. The researcher could easily get their email addresses from the exposed data. The Burger King team acknowledged his findings and took necessary actions to rectify the matter. As per their statement,

“All the necessary actions legally required have been taken internally and with our service provider immediately after this incident came to our knowledge to ensure the effective resolution of the problem as well as the safety of our clients’ data. We are also liaising with the relevant national authority having jurisdiction in this respect.”

While the admins promptly closed the database, it is certainly alarming to witness the increase in the frequency of data leakage through unsecured or misconfigured servers. Perhaps, it is high time that the organizations should vigilantly review the security status of their databases.